Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208226.roa
File:                     AS208226.roa (raw, json)
Hash identifier:          xCvxaZBguCV9WbKlZl6FsDZ3gVTBk+QSjabZuZcyxyk=
Subject key identifier:   88:0B:F0:2B:E7:DD:FE:C7:7E:82:71:29:AF:A4:B9:6A:2C:5E:FA:C9
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3DA627EB720213358609054B80D1C690255D6F9C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208226.roa
Signing time:             Tue 07 Apr 2026 09:06:59 +0000
ROA not before:           Tue 07 Apr 2026 09:01:59 +0000
ROA not after:            Tue 06 Apr 2027 09:06:59 +0000
asID:                     208226
IP address blocks:        82.41.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:a6:27:eb:72:02:13:35:86:09:05:4b:80:d1:c6:90:25:5d:6f:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr  7 09:01:59 2026 GMT
            Not After : Apr  6 09:06:59 2027 GMT
        Subject: CN=880BF02BE7DDFEC77E827129AFA4B96A2C5EFAC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:1d:86:33:a2:aa:10:1e:57:62:cf:53:e3:75:
                    9f:db:fe:9c:ef:e3:ab:e5:c8:b2:5d:33:9a:c1:29:
                    f6:b6:8b:24:cd:3e:14:8f:66:0f:ac:64:30:f3:a2:
                    f0:34:02:d5:ef:af:83:1c:6e:0b:ca:37:1c:34:70:
                    66:48:4b:22:d2:d8:63:89:9c:f8:64:97:68:26:55:
                    7b:0d:7e:ac:ac:71:4a:98:44:cc:0d:f7:fe:a7:97:
                    17:77:01:4a:c1:10:08:78:06:12:b3:d9:e1:ad:18:
                    5d:b2:ef:7e:bb:7f:61:42:d1:48:14:ee:cb:ff:73:
                    41:a1:fe:68:3a:0e:74:e2:8a:a4:f1:7a:9e:44:d3:
                    70:d3:26:9a:ed:22:25:e2:1a:4c:c9:64:28:1a:ca:
                    ed:c0:79:94:ca:4f:17:5e:97:a6:b0:65:97:b4:74:
                    44:8c:38:91:1c:9b:10:cf:fc:88:ba:f6:0d:02:8b:
                    0a:9f:af:44:54:73:15:69:86:26:95:03:53:93:93:
                    1d:0e:80:fa:44:8b:6a:d9:94:4e:dd:d2:46:38:b4:
                    15:76:89:25:8e:64:90:77:5c:93:bd:91:8e:85:2d:
                    b0:00:e1:a0:31:c7:f6:39:70:57:b2:45:cd:61:52:
                    9a:1c:d1:40:4a:2a:65:f1:a2:74:c2:b7:71:e1:42:
                    de:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:0B:F0:2B:E7:DD:FE:C7:7E:82:71:29:AF:A4:B9:6A:2C:5E:FA:C9
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208226.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:72:fd:d6:7d:d5:df:71:49:a2:45:65:19:55:70:17:d1:ad:
         b3:c1:27:2f:7d:fd:13:ae:64:09:b2:87:49:9b:25:eb:ae:0c:
         b1:1f:a3:d4:07:86:64:53:80:b7:f1:3e:c7:5a:5a:3c:a2:98:
         ff:49:5f:f4:db:44:89:bd:47:6a:c0:35:f2:6f:89:f8:b3:d5:
         9b:94:55:99:51:0f:fa:bc:6f:cd:67:29:80:07:00:9d:fa:ee:
         8e:37:08:a7:92:d4:70:1d:02:f2:d6:c7:c8:d6:6b:23:91:c3:
         1e:0b:83:17:f1:2d:d5:5c:65:7e:da:dd:5d:ec:2e:9f:8c:ac:
         f2:d0:2e:ae:4d:38:d6:58:75:43:d4:55:81:4a:6e:4d:2c:dc:
         32:39:d5:db:2e:d1:26:5d:7e:ee:8a:16:c2:6e:da:e2:5e:fa:
         bc:7e:63:7c:2f:06:17:a6:77:ec:38:c1:cd:db:35:20:d7:bc:
         3e:3c:09:b4:68:09:eb:d7:db:34:4d:d3:70:e6:fd:c8:d6:d1:
         68:82:03:46:ac:89:a9:68:7f:9a:55:db:8d:71:0e:15:1f:30:
         e6:4f:e7:0a:82:17:52:98:d3:a3:cc:5c:41:7a:68:4a:38:02:
         16:9e:79:f2:17:9e:7a:2e:ca:c7:97:ef:1c:98:75:4c:25:17:
         7e:04:c6:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPaYn63ICEzWGCQVLgNHGkCVdb5wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MDcwOTAxNTlaFw0yNzA0MDYwOTA2NTlaMDMxMTAvBgNV
BAMTKDg4MEJGMDJCRTdEREZFQzc3RTgyNzEyOUFGQTRCOTZBMkM1RUZBQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVHYYzoqoQHldiz1PjdZ/b/pzv
46vlyLJdM5rBKfa2iyTNPhSPZg+sZDDzovA0AtXvr4McbgvKNxw0cGZISyLS2GOJ
nPhkl2gmVXsNfqyscUqYRMwN9/6nlxd3AUrBEAh4BhKz2eGtGF2y7367f2FC0UgU
7sv/c0Gh/mg6DnTiiqTxep5E03DTJprtIiXiGkzJZCgayu3AeZTKTxdel6awZZe0
dESMOJEcmxDP/Ii69g0Ciwqfr0RUcxVphiaVA1OTkx0OgPpEi2rZlE7d0kY4tBV2
iSWOZJB3XJO9kY6FLbAA4aAxx/Y5cFeyRc1hUpoc0UBKKmXxonTCt3HhQt75AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUiAvwK+fd/sd+gnEpr6S5aixe+skwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA4MjI2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUimJ
MA0GCSqGSIb3DQEBCwUAA4IBAQChcv3WfdXfcUmiRWUZVXAX0a2zwScvff0TrmQJ
sodJmyXrrgyxH6PUB4ZkU4C38T7HWlo8opj/SV/020SJvUdqwDXyb4n4s9WblFWZ
UQ/6vG/NZymABwCd+u6ONwinktRwHQLy1sfI1msjkcMeC4MX8S3VXGV+2t1d7C6f
jKzy0C6uTTjWWHVD1FWBSm5NLNwyOdXbLtEmXX7uihbCbtriXvq8fmN8LwYXpnfs
OMHN2zUg17w+PAm0aAnr19s0TdNw5v3I1tFoggNGrImpaH+aVduNcQ4VHzDmT+cK
ghdSmNOjzFxBemhKOAIWnnnyF556LsrHl+8cmHVMJRd+BMbv
-----END CERTIFICATE-----